Hips question and recommendations

Hi to all forum users,


I'd like to install a strong HIPS figure to prevent from PC attacks with low ressource and not to be annoyied with many pop-up windows.

I was thinking about Process Guard, Real-Time Defender (old Pro Security), Anti-hook, Mamutu, Deep System Explorer

Anybody has any good or bad experiences with any of them ?

Any others suggestion ?


These are my running programs:

Eset Nod32 v2.7 (old version but with the updated signatures)
Outpost Pro Firewall v 6.5.5
Prevx 3.0.1.65 free version
Sandboxie 3.38 (not yet configured)
Shadow Defender
Malwarebytes Antimalware (paid version)
Super Antispyware 4.26
Zemana Antilogger
Hostman with updated hosts file

 

Spyware Terminator is pretty darn good.

 

Hi, Processguard is a dead application (DiamondCS) - not developed in years. Deep system Explorer is something cobbled together by some suspect and rebranded DiamondCS. All the reports I hear about DiamondCS as it is now are bad and you usually dont get a license when you pay them!

Couldnt comment about the others you mention in any great depth. Not a fan of Mamutu.

I have tried several HIPS and I have stuck with Zemana Antilogger. Light, only ever alerts on a real threat and is bullet proof.

Puss

EDIT - I see from your signature that you are already using Zemana. This is a HIPS! You do not need another!

 

....


Okay, first of all, no. SpywareTerminator can't even begin to come close to the functionality of a HIPS program. I wouldn't even use it for what it was meant for, stopping spyware. Pop-up windows with HIPS is all about configuration really. My personal issue with them aside, I honestly think if you want a full-fledged HIPS that can be made very quiet yet offer extremely strong protection and tweaking ability, Comodo ranks up there with the best of them. If you'd like something still very strong but find yourself looking at classical HIPS messages with a confused look on your face, look into some of the policy-based programs such as Defensewall.

With those, you don't really see a lot of pop-ups or actions, they basically handle themselves, making for a pretty simple, nearly trouble free experience. However, again, if you're looking for a full fledged HIPS, which you seem to be, I've got to give Comodo its due. As for your other programs you listed, hopefully someone with more experience with them can help out.

Edit: As far as Zemana, I thought this was merely an anti keylogger/screen capture program, not a HIPS?

 

Hi,

I wouldn't go with Process Guard and Real-time defender since there are no more develop or improved against new threats. But for having each of them at some point in time there were and still great program...

Now, I prefer to go with Malware Defender 2.3.2 (http://www.torchsoft.com/en/md_information.html ) wich is in the same line of protection than PG and RTD but being actively develop and upgraded...

 

WHY?
You use outpost Firewall PRO.It has built in HIPS.Also Zemana has HIPS capabilities.
If u are using all that in your signature you already have a army of security products on your PC.
If u like to try ,use security products(most of us are security software junkies )and have only one PC,than use virtual BOX,and /image back up program and test different configurations on different images.

 

well i assume your outpost is free version so as puss said zemana is reasonably good and you can try private firewall which has become free and has DSA ...see here...http://www.privacyware.com/personal_firewall.html

 

Hi Dw426,

I don't consider Defensewall as a "classical" HIPS but more like an hybrid between sandboxe and HIPS (for is rules). In fact, I found Defensewall and Geswall fantastic especially because they don't throw a lot of message if any at all and they are also simple to use with great support if any problems or questions...

 

I know it isn't a classical Just figured I'd toss that idea out there in case the OP wanted pretty strong protection but didn't want to fool with a ton of alerts from a standard HIPS app that hasn't been "toned down" so to speak.

 

The premise is wrong. A real and " strong " HIPS must alert with pop up. Pop are not banners or advertising, pop up tell you what are happening in your system and help you to check and to set up it. Things are so. Real HIPS are so.

 

I had Spyware Terminator, one year ago, but I was annoying with all pop-up windows. It's not so effective detecting malwares.

DefenceWall, always asking question about trusted and untrusted programs. If you choose an untrusted program as trust program, and this program is a malware but you don't know, you would be infected for running. In this case, no protection at all. Of course, the users choice was the guilt.

 

MalWare Defender is one of the best pound per pound antimalware solution avaliable today

 

More HIPS? You allready have 4 on your system (see bold programs)

 

There lies your problem with ANY of these types of programs, if it relies on a user, something bad can happen. However, even with programs that let you sit back and watch it do all the work, something can be missed completely, mis-identified and so on. There is no bullet-proof, perfect solution and there never will be. If you use a HIPS, you're going to have to do some learning if you haven't already, and honestly, it isn't that hard. No matter what all is said about pop-ups, a well-configured HIPS, whether configured by you or configured out of the box, will leave you alone 9 times out of 10 unless it's something that really needs your attention.

Edit: They're right, you're already decently covered. Do you not like the behavior of the other programs? One reason you may be getting a ton of pop-ups is you have 4 programs doing the same job.

 

Process Guard is still thought of quite highly by some, and you can still DL it.

I've been running Threatfire & Dynamic Security Agent & OA free along with AntiVir, on XP very successfully for a couple of years. I recently included Prevx into the mix, and they all seem to enjoy living together.

Right now typing this my CPU is 97% free, and other resources are nothing to worry about either.

 

Well, it seems like you have somewhat 4 HIPS running together + an antivirus... Ain't that going overboard

 

Atomas31

Haha, maybe. I didn't put them all in at once though, just kept on trying out different Apps. I always try and see if things will work together, because some think they won't. Maybe a number of combinations won't, but these do, for me anyway.

There is some overlap in alerts, but people might be surprised to learn that often one App or the other will alert to many things the others don't. I've lost count on the amount of times this proved very useful.

Of course depending on how the options are set makes a difference to the amount of alerts you receive. All my Apps except Prevx are set on max, but unless i'm doing something unusual the're relatively quiet most of the time.

I often DL Malware and sometimes run it, so need it all really.

 

I'm using Real Time Defender and like it alot as well as ThreatFire. I trialed Anti Hook 3.0 about seven months before the two previously mentioned and really wanted to purchase that but they refused to sell it to me. Their reply was that a new version was expected out in February of this year which has come and gone. For me, Anti Hook 2.6 was very similar to Neoava Guard. Both were excellent at performing BSOD. I'm sure both work well for others and their setup but not mine for whatever reason. I've tried and liked Process Guard and Online Armour.

 

you are sure not to be a bit paranoid?
serious question...!
what are you doing on you computer?
obviously surfing on strange sites?
using conscious malicious software?

first - whats not there cannot be corrupted or attacked
no rights - no damage -> restricted user profile

Sandboxie -> (not yet configured) <-- big ouch

>> Eset Nod32 v2.7

Using on WinXP - not that kind of problem - under Vista or higher=bigger problem

I would reduce that list to:
Eset (Upgrade recommended)
Outpost (disabled av due Eset)
Shadow Defender

MBAM is ok for manual scan - or PrevX - or a² - or...
NOTE: MBAM beside NOD32 is slowing really down - they block each other.

Sandboxie is fine when configured well - although the default settings
offer some good protection.

BTW you dont need to click or start any - just remind "do i really need it?"

 

Programs, and trusted sites, are also the top of the security problem iceberg. No one behaviour or on the cloud software can recognize and detect all the kind of malwares, intrusions, iniected codes in web pages, zero days attacks, vulnerability in Windows, MS Office, JavaVM, Adobe.......Do you know all kind of malwares and rootkits ? Do yo remember Conficker or Gromozon changing techniques ?....

 

In spite of overlap considerations, or trying to prove more than one HIPS can be run simultaneously, I would not run more than one HIPS, with the only possible exception being Sandboxie (maybe Defensewall?? - perhaps someone can comment) run with a classical HIPS. My choices would be in no particular order:

• Sandboxie (though this more of a program-isolation product)
• Malware Defender (run in learning mode for a day or two across all user accounts)
• Outpost Firewall/Security Suite

I would run any type of setup under a limited account.

One other very lean, yet I feel powerful setup, would be Sandboxie under a limited account with SRP (your O/S-built-in simple and effective HIPS) enabled. Just my thoughts.

 

Before installing Sandboxie, Shadow Defender, Zemana and Prevx (free version), I get infected more or less 3 times a year. I noticed that Malwarebytes, Eset Nod and SuperAntispyware real time protection don't give enough protection against all kind of malware. So, that's the main reason, I recently installed Zemana, SB, SD and Prevx. With Prevx, I get a lot of false alarms.

I even plan to change my old Eset Nod 32 v2.70 for Avira Antivir Premium, from which I heard so many positives things here and from malware comparative websites.

I forgot to mention that I'm under Vista 32 bits as Admin (of course, I need a user policy to keep safe my computer, for example, with SRP, DefenceWall,...SRP is to strict policy, for me)

I'm looking for a strong HIPS, blocking rootkits and other malicious drivers from installing, protecting physical memory from modification, blocking hooks and code injections, protecting against User imitation attacks and Windows file protection attacks. That's why I was thinking about programs like Real-Time Defender (old Pro Security), Anti-hook, Mamutu, Deep System Explorer, Process Guard (the new version) or others similar software.

I'm not paranoiad, I don't want to be annoyed by malware from Internet website or from P2P programs.

I know that I need to learn more about security, that's the reason I'm here, to learn from yours experiencies.


I don't want a virtual software like virtualbox, vmware and other virtualization programs.

 

The point about different alerts in diffferent apps is very interesting .

I found that when I started looking at something I thought was pretty straightforward , windows auto-start settings , that different Apps had different lists of these !

So I was getting a bit worried that malware would slip into one path that my main app didn't cover.

In the end ,decided to just treat this as an unimportant oddity , and try and stick with one app which I use to control most of my startup list.

 

Okay, here's my humble opinion and setup that has kept me malware free for the last 2 years at LEAST.

1. Firefox with Noscript and AdblockPlus extensions. (I've added a few extensions, but those two alone will cover you VERY well).

2. Avast Antivirus, free version with Webshield and P2P Shield set to High, all others set to Normal.

3. Sandboxie (I have paid but the free version is just as good).

4. MalwareBytes Antimalware, free on-demand version for quick scans after a surfing session.

That's it, no real time blockers, anti-this and that, nothing. I scan every file I download before I open/execute it, but other than that, no other security measures, apps to get in the way or use resources. If you just use your head (and make others that use your system use theirs), back up your data and just put a few simple roadblocks in place like I have listed above, there's honestly not really anything out there that's going to bite you as far as malware.

As far as your learning about security, this is a GREAT place to learn. Allow me to get you started with my first rule of security: You don't need a lot of security to be secure. Drive-by downloads are pretty much turned into funny jokes with the above list. The rest of your security needs can easily be taken care of by using the best security app on the market, your own brain. Keep it simple, otherwise you will run into the frustrations we see here every day like conflicts, too much resource usage, you name it, it can be caused by running too many security apps.

Light and secure is the name of the game

Edit: By the way, the code injections, hooks, all that is often part of normal program installs/operations. Keep that in mind when you start answering HIPS prompts. The other attacks you worry about are all taken care of by following my previous suggestions/advice.

 

as i thought... must be some reason for that overkill.

Run your p2p-software within sandboxie - and dont think about it.
and use the right p2p software - not the one with big holes...
That and more is reason to run p2p in a restricted area - in extreme cases
use a virtual machine with nothing else in.

the problem you dont realize - you grab the **** - if you want or not.
and all what you do is using another doorkeeper which can be knocked off.

>> I even plan to change my old Eset Nod 32 v2.70 for Avira Antivir Premium

if you like fake messages on your p2p like pain in the ass?
Both are really good - but cause to that i decided again for eset.
(not only that - but i need to check some software again and again...)

i guess i'm outta here...